So, we needed to put together a concept map for what we’ve been exploring in this course, at least as I have experienced it! I have no doubt that I’ve drawn in items that others don’t feel figured heavily, and conversely I’ve probably omitted things people may have thought were especially key.
Still, for all the inherent limitations, here’s what I’ve produced.
Federated, Decentralized, and E2EE Networks: Similarities, Differences, and Trade-offs
(TL;DW)
If you think about the history of computing, there’s a general trend that appears:
When a new advancement is made, it tends to be very large, very expensive, and usually only available to those who can afford the extravagance (or have / convince themselves they have great need). But as long as you have the money, space, or whatever resource is required, there’s no real barrier to getting one–there’s so few instances of the new tech out there, you can’t really even hope to connect it to get any sort of network benefit.
As time goes on and the new technology becomes more affordable, it typically enters the realm of “too expensive for the home, but businesses might have one.” In this phase, there’s a powerful incentive for businesses to create network effects, often by advancing their own patented or unique revision of the technology, in an effort to first convince people to use it, then make it difficult or costly for them to leave it, then use that increasingly captive audience to convince others to join their particular walled garden.
But as the technology continues to advance and becomes faster, smaller, cheaper… there’s more capability for people to begin making use of it at home. And naturally, they want to use it in the way that suits them–which is not always the way the businesses who created the walled gardens want them to use it. Over time, the growing ubiquity of the new technology can result in people overcoming network effects just because of the sheer number of people working against those effects in all their myriad ways.
Now, let’s think about social computing in this fashion. The earliest stages of social computing were very much about protocols, but they were somewhat unwieldy to employ and required a lot of resources to use, tied as they were to large computing systems and communication infrastructure that was rather resource-intensive.
As time passed, these large systems became easier to set up and use, but… communications infrastructure was still lacking, and running large websites at home was frequently infeasible. This led to a centralization effect, where a site managed by a business could benefit from having those network effects–more users could mean more revenue, which allowed them to expand the site. It had the potential to be a positive feedback loop, if the effects of greed and profit-seeking were kept at bay.
But over time, the technology available to us has continued to increase. We have more powerful computers, and always-on broadband connections are much more commonplace. We could very well be approaching the time where people can pull their “social networks” (in the sense of a service or a site) back out to the edges of the network, rather than keeping them held in a centralized location.
And this leads us to decentralized networks!
There’s certainly more than one style of decentralized network, taken as an umbrella category. If you want to replicate the look and feel of something such as Twitter, perhaps you might start by creating your own Twitter-like website that you can run on your own equipment. And hey, maybe somebody else runs their own copy of the software, too. A protocol can connect the two of them so you can see each other’s activity–this is a federated system.
I would categorize a federated system as a midpoint along the continuum of decentralization. It’s still a somewhat-centralized service, after all. The admin may federate with other servers… or they might not. You still have to find and choose what server you want to sign up under, and if you go create a new account on another server, well… that’s a different account on a different server, and you might need to rebuild your post history and your social graph from there.
There are other styles of decentralized network–P2P and blockchain are two other mentioned by Jeong et al. (2025). But if you continue pulling the social network out to the edge, the logical endpoint is a system where everybody has their own “site.”
The example I would use of something like this would be Bluesky and the AT Protocol, which you may have read about in Unit 8! Under the AT Protocol, every user has a globally unique decentralized identifier. The human-readable handle can be changed, but the DID remains unique, no matter where you go. And you can go wherever you want–the DID can be updated to point to a personal data store, or PDS, that can be placed wherever you choose. It can be on Bluesky’s servers, or you can run it yourself. That PDS contains your posts, your social graph, and all the data that is “yours.” If you want to go somewhere else, you simply move your PDS to a new location, with no need to rebuild from scratch.
By contrast, end-to-end-encrypted (E2EE) networks are a different breed entirely. They certainly can be decentralized… but that introduces new challenges.
In an E2EE network, everything is encrypted at the endpoints before being transmitted. No middle points along the path can read the traffic. That’s already a benefit. Of course, metadata and traffic flow analysis can be used to infer other data about the communications, and so E2EE is often also implemented in a completely decentralized fashion.
But one of the biggest challenges of E2EE is key management. That is, if the encryption keys are only managed at the endpoints… how do new endpoints exchange those keys? If I only accept encrypted traffic, how do you send me a message to ask for my encryption keys? I would have to post my keys somewhere, and before you could try to talk to me, you would have to find wherever I put my keys.
In the realm of OpenPGP, keyservers are a common answer to this quandry. But a keyserver is a point of centralization–the bigger a keyserver becomes, the more useful it is for people to use it, and the more the network will de facto depend on it. So already, we see where centralization still plays a very important role in making E2EE networks convenient for users.
Signal is an example of an E2EE network, but still maintains a centralized service to facilitate key exchange and introduction. But because keys are essentially tied to the endpoint devices, the loss or rotation of a device can mean the entire messaging history is lost. This would not be acceptable in a social network. More recently, a newer E2EE protocol (based on the Signal protocol) has been developed to try to extend the benefits of E2EE to social networking applications as well.
Decentralized and E2EE social computing is an area of social computing that has held my fascination for a long time, and probably will in future as well! Hopefully this was an interesting overview of this area for you, too!
References:
Basem, O., Ullah, A., & Hassen, H. R. (2023). Stick: An end-to-end encryption protocol tailored for social network platforms. IEEE Transactions on Dependable and Secure Computing, 20(2), 1258-1269. https://doi.org/10.1109/TDSC.2022.3152256
Jeong, U., Ng, L. H. X., Carley, K. M., Liu, H. (2025, March 31). Navigating decentralized online social networks: An overview of technical and societal challenges in architectural choices. arXiv preprint. https://doi.org/10.48550/arXiv.2504.00071
Masnick, M. (2019, August 21). Protocols, not platforms: A technological approach to free speech, 19-05. Knight First Amendment Institute. https://perma.cc/MBR2-BDNE
I’m going to consider these protocols:
I was actually a user on LiveJournal back when Brad Fitzpatrick launched OpenID. And for a while, it was quite nice to be able to use a single identity provider for everything. The promise of convenience and being able to have one canonical digital “you” that everything could be linked to was quite alluring.
Of course, as Facebook and Google grew ever larger and encompassed more and more of the Web’s active social services… well. The attraction died. And I realized something important–perhaps it was more secure to simply create many sharded identities at the various sites. Because I didn’t want Facebook, or Google, or indeed any identity provider, to be the sole key to my digital identity. What happened if that provider went away–bankrupted, or sold off, or just blown offline by some large-scale attack? And as long as every site used a different set of credentials, compromise at one could not compromise all. So using individual logins was a win for both security and resiliency.
I like that the Wikipedia article for OpenID explicitly draws some comparisons to OAuth, because I think that’s also replaced OpenID to a large extent. Both involve authenticating through an external identity provider (IdP). However, behind the scenes, OpenID has both sites talking to each other and verifying the identity, while OAuth essentially hands a token to the user, who hands it to the second site, who uses the token to query the first site through whatever API it offers.
In some ways, OAuth has more applicable contexts, because it’s designed to allow users to delegate access even to non-interactive devices. However, OAuth has a major issue if it’s not set up correctly with HTTPS: A token is not typically single-use. If either end-device or connection flow is compromised, the token can be stolen and re-used to gain access, and possibly even persist access by using the stolen token to renew and gain a new token even when the original application is no longer active. The same issue would, in fairness, arise if OpenID was used without HTTPS, but the use of a nonce and live authentication would at least potentially pose a somewhat more complicated challenge to replay later.
ActivityPub is clearly designed off a general social media platform paradigm. That “followers,” “following,” and “liked” are required attributes of any “actor” in the protocol says a lot, in my mind. There are other optional attributes, but those are always required. So the assumption that “likes” are a thing is baked right in there, as are the assumptions that people using this protocol want to “follow” each other and allow others to follow them.
The discussion around how server are essentially taking messages from actors’ outboxes and posting them into other actors’ inboxes is reminiscent of SMTP, of course. But then there’s the line that says that “Attempts to deliver to an inbox on a non-federated server SHOULD result in a 405 Method Not Allowed response.” So… the ability to deliver a message to an inbox depends on the two servers being federated. But I don’t see anything in this protocol description as to how this federation occurs. Worse, I see a note that while ActivityPub uses authentication in server-to-server federation, there’s no standard for this??? Only a list of best practices? Yo, if you’re going to say that non-federated deliveries should fail, you should definitely have a spec for how federation should occur! Without a spec, people are going to bodge that stuff, and it’s not always going to be pretty!
In fact, I currently think that’s possibly the biggest weakness in ActivityPub (that I see), at least as far as interoperability goes. Theoretically, compatible servers should be able to use the protocol to send between implementations–and the protocol already notes that clients may or may nor be able to edit / interpret the original “source” used to create the rendered “content” in the messages. But without a standard for federation… aren’t we basically left in a situation where everybody basically does what seems good to them, with maybe a nod to “best practices” in concept, but with everybody doing their own specific twist along the way? That seems like a recipe for a very fragmented ecosystem, where various implementations can only reliably talk to themselves, using whatever setup method is deemed acceptable for setting up federation.
Now let’s talk about AT Protocol! The more I read, the more I like it… the entire design of the protocol revolves around a different concept entirely. Rather than focusing on a user-centric model of an inbox and an outbox, AT Protocol conceives of the entire social network from the perspective of all the various services needed to power the network in a decentralized fashion. Handles are linked to domain names and keys published via domain names or web servers. All the data in the network is stored within personal data servers (PDSs) for the various accounts. Updates to the network are posted to the various PDSs. These updates are gathered and collated by relays. App views can then display the collected content of the network, with authoritative data always available through the PDS which originated any specific post. I touched on this back in Week 5 (https://comp650.nextdoornetadmin.ca/2025/05/28/week-5-analyzing-social-systems-part-2/), but the app views can also use different algorithms to alter the view of the network at the user’s request.
This structure is designed to allow any part to be swapped out or replaced at any point. Users can change their handles to use their own domain names, and pull their entire store of data into another PDS at will. Importantly, the PDS contains all the user’s data, including posts, friends, and blocks. The user’s social graph is always ultimately under their control, and cannot be shut down because the user can always retrieve their data (which they control with their own cryptographic keys) and move it to another PDS. Similarly, if a particular relay decides to censor the network by refusing to crawl particular PDSs, anybody can set up another relay to collate the network’s data. Applications offering an app view of the network can be swapped out, and so can the algorithms responsible for ordering and displaying the data.
At a technical level, this strikes me as a censorship-resistant protocol, but rather than attempting to counter a network-level adversary that controls and filters network access, the goal here is to counter corporate or organization-level control of the server infrastructure that drives the network. (This is complementary to something like Tor, and you could even theoretically extend this to running PDSs at .onion hidden services.) This also means that the network cannot easily be enshittified, because by design there can be no lock-in–all components can be swapped out if they no longer serve the user’s interests.
What does stick out to me right now is that by design, all data in the PDS is public. There are no access controls. Users can choose to block individuals, but that only prevents them seeing the blocked user–their own content is still visible to the blocked user. I suspect this is, to a large degree, a function of making the network so resistant to centralized control. In that setup, no user can unilaterally impose their will on another, and the same is true for any organization that would try to moderate content. There are publicly-sourced block lists, and moderation tools that can add some metadata to posts, but it’s up to individual app views or relays to respect those configuration choices; it can’t be completely enforced within the social network.
I’ve been using Signal for quite some time, and I have a massive amount of respect for the Signal developers. The Signal protocol itself is different from Signal the application, it is important to note. The Signal protocol can be (and has been) implemented within other applications (such as WhatsApp).
The Signal protocol is also somewhat censorship-resistant, but it has been designed more for security than for other purposes. To this end, the protocol ensures that messages being sent between participants are encrypted end-to-end, so that the service operator cannot see what is being exchanged. Of course, this still leaves visible the metadata of who is doing the communicating. A further development was to allow “sealed sender”, where the sender’s identity can be obscured to the server, which only need know the recipient’s identity. The use of the Axolotl ratcheting algorithm (later renamed the Double Ratchet Algorithm) also ensures that even a compromise of the message stream will be eliminated as the keys are rotated and exchanged between the endpoints.
Importantly, while the protocol is verifiably secure, the applications and end devices are “out of scope” for those assurances. It’s entirely possible for a secure protocol to be used in a very insecure application. It’s also very possible for it to be used in a messaging application run by an untrustworthy company that makes its money by tracking its users and their communication patterns (*cough* Meta *cough*). As is usually the case with an E2EE protocol, the centralization is used for necessary purposes including exchanging public keys and relaying messages when either end device is temporarily offline. No facility is provided for a user to move to a different application using the protocol while bringing their entire social graph with them; Signal Protocol is only concerned with securing messages between endpoints.
Now… how would I design a distributed / federated social platform? Well… let’s start with establishing design principles. In no particular order,
This is conceptually similar to the AT Protocol, except with additional access controls to control post visibility, as well as adding redundancy for the network’s content. This protects against failure or unavailability of a personal data store.
A PDS installation should be configurable to allow whitelisted content (for private / friend group storage) or public content. Servers may allocate storage to users based on defaults or based on configured amounts linked to the handle / keypair. This may even allow users to establish commercial relationships with storage providers if desired (but never because it’s required–users can always run their own PDS, and can choose to have fewer than three storage instances if desired, though that reduces reliability).
Because posts and other material aren’t directly accessed by the relay servers, they should be relatively fast at serving the indexes described. Clients can perform a lookup of a user, a user’s posts, or posts destined for them, caching the data retrieved. Clients may display inbound posts by locating the PDS for the sending user and then retrieving the post content from any of the listed PDSs that can provide it. Clients may also be explicitly given a PDS link to retrieve, if a post is not announced to a relay. Clients posting content will attempt to directly store their content directly on all authoritative PDSs; if one is unavailable, an alert should be raised and the client should retry the storage operation later or request a functional PDS to perform a sync to the unavailable PDS later.
Locating a user’s profile will also grant access to the user’s public key, allowing posts to be directed toward that user (provided the receiving user has not instructed their client to block display of posts from the sending user). If the user has chosen to make this knowledge publicly available, their list of friends may also be posted, allowing others to traverse the network and find additional connections.
Key rotation is explicitly encouraged, as is data transfer. Servers should be prepared to locate all stored information by key and accept edits (including a new signature over the post) or export it to the client or a new PDS. Such commands or “system posts” are, like regular posts, signed with the handle’s known keypair to authenticate the command.
Relays not only gossip information about new posts, but (by default) about connections to other relays as well. This should allow a new relay to “bootstrap” with only a few connections to existing relays.
Groups may be created by a special “system post” which creates a new handle and keypair for multicast encryption. The creating user is registered as the “owner” of the group, which then creates a first post as the group’s “profile” as with a regular account, including a list of PDSs which the group will use. Group modifications, including to the list of owners and moderators, are approved by the group owner(s). Moderators are given “edit” access to the group’s posts. The group account is then instantiated on the PDSs as a clustered service, using appropriate primary / backup election methods to ensure that the group can respond to incoming input autonomously.
Group members may post to the group by sending a regular post destined only to the group; posts with a mix of group and regular recipients must be rejected. When the group account receives a post destined for it, the group account “wraps” the inbound post and rebroadcasts it using the group’s multicast encryption key. Moderators may delete the post if it is deemed inappropriate, which causes the group to blacklist that specific post ID (to prevent re-transmission). The posting user may also edit their message as normal, and the group should re-wrap and re-broadcast it as normal when the edit is detected. If the original user deletes their message, the group deletes its copy as well.
Because the group’s key is established for multicast encryption, users who have joined the group can instruct their clients to include posts from the group account, and messages from that group will be decrypted using multicast encryption rather than the user’s personal keypair.
It is anticipated that very popular groups may require their own set of private PDSs specifically to handle group content, particularly as this must be “re-broadcasted” under the group’s own account. This will, however, take the load of running the “group” account off any public PDSs, as well as alleviating the storage burden and possibly increasing performance.
A completely self-contained network can be created by initiating a relay with external connections disabled. If a client posts to its own private PDS, and notifies only the disconnected relay, then a social network of one user is the result. A second relay can be added by permitting external connections only to a specified target, and the self-contained network can grow from there.
I explicitly envision this being able to run within Tor as a (set of) hidden service(s). Though I’m sure the devil is in the details… it’s kind of a rough outline, I know.
Mance, H. (2019, July 18). Is privacy dead? Financial Times. https://www.ft.com/content/c4288d72-a7d0-11e9-984c-fac8325aaa04
You know, I administer systems absolutely stuffed with personal data. Not just in a business context! I also work with a non-profit serving a community with many people who would face incredibly adverse consequences if their membership in the community became known. That could be loss of housing, loss of employment, or worse. We need personal data in order to secure events and address problem individuals, but privacy is fiercely guarded. Our community entrusts us with their information–sometimes very reluctantly–and it’s a responsibility I have to take seriously.
I’ve occasionally considered my ethical obligations if I were to be directed to move that data to an open, insecure, unaudited platform, or if the organization decided to share that data for marketing purposes or something of that sort. Is my greater obligation to the organization who has legally collected that data and on whose behalf I manage the system, or to the community who entrusted their personal information to us for a specific purpose in a specific context? Would I be prepared to unilaterally erase the database and face whatever consequences came from that action? Can I hide behind the cloak of “Well, I didn’t know for sure that this would happen…” or would that just be a convenient lie to try and make myself feel better?
The answer will always depend on the exact circumstances, and so I can never know for sure in advance what my decision would be. But it’s something I regularly ask myself, even so.
So, for improving a social system, I’m going to look at Telegram. First, though, let’s state the context, our problems, and our goals.
Telegram is most often used in a direct-message manner, but it also offers “channels” or group messaging. I’m specifically going to look at a channel with a group of people who are all involved in a specific task. Everybody has the ability to post messages.
In this context, the problems I see mostly revolve around what people post. This is a non-exhaustive list, but they may:
The ideal, of course, would be to stop or trap harmful content before it can be seen. But in my experience, an automated solution will not be as effective here as could be desired–the context of the channel may not fit the assumptions of whoever coded the bot or trained the model, and that could lead to a mismatch between the automated solution and what should be permitted or blocked.
My goal, then, is to allow participants to, in essence, selectively withdraw their commentary from other participants in the group. I would like to do this in a way that isn’t as catastrophic as leaving the entire group, and ideally in a way that doesn’t try to force the group to “choose sides” (which could lead to the group fracturing repeatedly).
One solution I might propose is what I will call “silencing.” This works similarly to blocking somebody, except that ideally, the block goes both ways–if Participant A silences Participant B, then not only does A stop seeing B, but B should also stop seeing A’s posts and responses. This handily prevents the first two points on my list of goals, as B’s hurtful content will no longer be visible to A, and B will also be deprived of A’s posts–there is no need to provide A’s information to B for B to use in others hurtful ways. No notification of this action need be provided to either participant, or to any channel participants at large, to avoid the action creating more agitation.
A second solution I might propose is a “time out” function. In concept, this is similar to muting a channel (by disallowing notifications for a general time period) or leaving a channel altogether. The difference is, even when muted, the temptation remains to check the channel and see what people are doing–only notifications have ceased. In “time out,” the channel is no longer even visible or accessible. This function should be available to individual users (to put themselves in time out) and to channel admins (to put any user into time out). Where an individual has put themselves into time out, they should be able to navigate into their settings menu and explicitly choose to “time in”. Where an admin has placed somebody into time out, user override is not permitted.
This creates a stage in between disabling notifications and having to depart the channel altogether, and can be used in different ways:
There are, of course, some loopholes that remain. Even if A silences B, A’s posts are still visible to Participant C, who can act as a relay. If C does act as a relay, this act of relaying may also not be visible to A. This is, therefore, not a complete solution on its own–group norms should be established to ask before relaying information that somebody “missed” or “didn’t see.” Even so, this still doesn’t solve the problem of actual malevolence, but I judge that dealing with actual malevolence would likely require much stronger measures anyhow.
“Time out” is vulnerable to abuse by admins. It might be tempting to use this as a sort of “silencing” group-wide, short of actually kicking somebody out. But by its design, the message shown to other group participants is that the user in time out has “departed” the channel; there’s no benefit to an admin to put somebody in time out if their intent is to silence them permanently, as it looks like the same thing as having kicked them out fully. Potential abuse is also limited by allowing other admins to time the user back in, and by making the originating admin’s identity clear to the timed out user (with that admin also being able to be directly contacted).
Dibbell, J. (1993, December 23). A rape in cyberspace: How an evil clown, a Haitian trickster spirit, two wizards, and a cast of dozens turned a database Into a society. The Village Voice. https://web.archive.org/web/19970612100454/http://www.levity.com/julian/bungle.html
Jhaver, S., Birman, I., Gilbert, E., & Bruckman, A. (2019, July). Human-machine collaboration for content regulation: The case of Reddit Automoderator. ACM Trans. Comput.-Hum. Interact. 26(5), https://doi.org/10.1145/3338243
Mannell, K. & Smith, E. T. (2022, September 14). It’s hard to imagine better social media alternatives, but Scuttlebutt shows change is possible. The Conversation. https://theconversation.com/its-hard-to-imagine-better-social-media-alternatives-but-scuttlebutt-shows-change-is-possible-190351
Santana, A. D. (2014, ). Virtuous or vitriolic. Journalism Practice, 8(1), 18-33. https://doi.org/10.1080/17512786.2013.813194
Sherchan, W., Nepal, S., & Paris, C. (2013, August). A survey of trust in social networks. ACM Comput. Surv. 45(4). http://dx.doi.org/10.1145/2501654.2501661
Gorman, G. (2015, February 26). Interviews with the trolls: ‘We go after women because they are easier to hurt’. News.com.au. https://www.news.com.au/technology/online/social/interviews-with-the-trolls-we-go-after-women-because-they-are-easier-to-hurt/news-story/c02bb2a5f8d7247d3fdd9aabe0f3ad26
Dron, J., and Anderson, T. (2014, March 21). Agoraphobia and the modern learner. Journal of Interactive Media in Education, 2014(1). https://doi.org/10.5334/2014-03
For this one, I needed to do a bit of a social network map. I did this by hand, and will continue referring to it below.
This is an egocentric map, as that’s a projection that makes the most sense to me for this example. “Strength” of the relationship (as assessed by me) is measured by the type of line, moving from a solid line for the strongest connections, through a dashed line, to a dotted line for the weakest connections. Connections between nodes other than the central node are assessed by observation and supposition; I haven’t taken a poll of anybody on this! Link reciprocity is not directly assessed or indicated here.
In a general sense of speaking, most of the people in my house are located in the lower-left corner, with immediate biological family in the mid-left. Friends and family in the Seattle area are located in the lower-right corner, with some crossover in the lower middle created by long mutual involvement in a non-profit. (There is one exception–the placement of the node labelled “F” on the lower-to-middle right was an oversight, and it should be more correctly clustered with other nodes on the lower-left!)
The upper-right section is a very partial graph of connections into my workplace, and the upper-left holds two connections to good friends online who are not otherwise connected to other nodes on the graph.
One of the first things to stand out to me is the fact that most of the connections I have drawn to myself are considered to be highly or moderately strong. On reflection, this does make sense–these are the connections most likely to stand out and therefore most likely to be drawn (except where the receiving nodes are already drawn into the graph, in which case adding a link is of trivial effort).
Another point that is relatively clear to be seen is that there is a fair amount of crossover between two otherwise-distinct clusters–a house in Vancouver and a house in Seattle. While those clusters were drawn using physical location as an organizing principle, the friendships created over a mutual interest and activity have created many links between these two locations in social space.
Conversely, my biological family, workplace, and notable Internet-only connections have no connections between each other or to the other groups. This reflects definite intention on my part, as some of these areas of life are deliberately kept partitioned from each other. (In the case of the Internet-only connections, this is actually less intention and more simply a case of circumstance, but the effect, as with the others, is to have them partitioned away from everything else in the network nearly completely.)
In every direction, the graph could certainly be extended, with direct relationships growing weaker and more remote as I went. (My workplace alone would probably double the size of the overall graph.) I expect that, even as these groups continued to grow and display more interconnections with each other, the partitioned groups would stay partitioned, and the connected groups would grow ever more so.
Bluesky purports to offer algorithmic choice to its users. Some of the design outlined mentioned by Graber (2023) includes treating algorithms as general aggregator services, allowing the user to swap between aggregators (or indeed, creating an aggregation of aggregators!) at will. Graber also notes correctly that even a simple “just the posts of people I follow, in chronological order” is itself an algorithm.
This is far from the only algorithm available, however. Slachmuijlder (2024) notes that Bluesky also offers algorithms such as “Popular with Friends,” “Science,” “Blacksky,” and “Quiet Posters.” These algorithms are all quite different.
“Popular with Friends” showcases popular content from the people you follow and the people they follow. This relies on signals such as likes–the more liked a post is, the stronger the signal of “popularity.” This is limited to two levels of follows–your direct follows, and their follows–so that you aren’t simply browsing the most popular content on the entire service.
“Science” is “a curated feed from Bluesky professional scientists, science communicators, and science/nature photographer/artists.” This therefore is less a machine algorithm and much more of a human algorithm in operation, relying on the judgement of the curator(s) to determine posts which “fit” the category.
“Blacksky” is a feed for showcasing black voices. This is poster-determined, as using a specific hashtag can either include a single post into the feed or add the poster into the feed permanently. (Manual removal of posts or posters is available if necessary to clean up the feed.)
“Quiet Posters” includes posts from people who follow you who don’t post often, ensuring that infrequent posts aren’t drowned out in a large or busy feed.
The ability for users to select their own algorithms, or indeed choose several of them (if science is an interest, why not include Science as one of the options, as well as something which looks more directly at your own follows and followers?) is a powerful feature. The feedback loops in operation are different for each of these algorithms, but the user is not locked into any of them.
A feed such as Blacksky, which can be manipulated by simply adding the appropriate hashtag to a post, is simple to join to make content more visible. This ease of use also makes it relatively easy to abuse, particularly as removal of a post or poster from the feed is a manual affair. Perhaps to some extent (and I am theorizing heavily here!) this is a risk that is judged acceptable to some marginalized communities–the risk of a non-marginalized poster voluntarily marking themself as marginalized is comparatively low, versus the risk that an automated method of removing marginalized posters from the feed could be abused by non-marginalized viewers. The algorithm’s design in this case could be understood to offer maximal ease of inclusion and minimal risk of being unfairly removed by abuse of automation.
“Popular with Friends” seems more vulnerable to persistent abuse, however. As this is based on how “popular” a post is, any automated influence operation that artificially inflates a post’s like count could drive up a post’s visibility in the feed. This is somewhat mitigated by the limitation to any single user’s immediate follows and their follows. Still, for a user with an expansive social network, this might still be something of a concern.
The largest risk I can see with Blacksky’s function is what I highlighted earlier–a risk of external hijacking of the feed, by external actors adding the required tags to automatically include themselves and then broadcast to everybody using that algorithm. The design of manual intervention being required to reverse that is the corresponding weakness (even though good reasons may exist for that design decision). If I were to design a modification to this, I would seek to incorporate signals from the users of the feed. If a significant proportion of the feed’s subscribers were to block or otherwise downvote a given post, the feed might respond to this signal by deprioritizing or hiding that post. Of course, this also creates a weakness of external actors subscribing to the feed in sufficient numbers to block any target post they choose. For marginalized communities, this may be perceived as a much bigger risk than the risk of the occasional broadcast from inappropriate sources (until manual intervention arrives). A refinement of my modification might also gate the accounts whose blocking signals are counted, such that users who have only recently subscribed to the feed cannot influence automated moderation, with various cutoffs (such as a week or a month) available to be tested and selected as necessary to make the feed more or less resilient to exploitation in response to changing conditions.
In a similar fashion, Popular with Friends could possibly be adjusted to only include like signals from an account’s own follows. The limitation in only showing popular content for direct follows and their follows is probably acceptable, as this allows for exploration of content that is not directly connected, but nearly directly connected to the user. Even so, only counting like signals from direct follows would make external influence operations nearly useless. Further adjustment could weight like signals more heavily if the target poster is not a direct follow. A direct follow has more chance of being part of the same immediate circle, and may therefore be more likely to receive more likes among that circle than a user who is only indirectly connected into the circle. Thus, amplification of these weaker “at-a-distance” like signals may be appropriate to compensate for the expected lower possible volume of likes from direct follows.
References:
Graber, J. (2023, March 30). Algorithmic choice. Bluesky. https://bsky.social/about/blog/3-30-2023-algorithmic-choice
Slachmuijlder, L. (2024, November 30). Bluesky lets you choose your algorithm. Tech and Social Cohesion. Substack. https://techandsocialcohesion.substack.com/p/bluesky-lets-you-choose-your-algorithm
Donath, J. (2020). 2. Visualizing Social Landscapes. In The Social Machine. https://web.archive.org/web/20240817102406/https://covid-19.mitpress.mit.edu/pub/ljr3x1qq/release/1
Donath, J. (2020). 4. Mapping Social Networks. In The Social Machine. https://web.archive.org/web/20240820021904/https://covid-19.mitpress.mit.edu/pub/ngsi0mxz/release/1
Ardito, G. & Dron, J. (2024). The emergence of autonomy in intertwingled learning environments: a model of teaching and learning. Asia-Pacific Journal of Teacher Education, 52(2), 241-264. https://doi.org/10.1080/1359866X.2024.2325746
Martin, A. (2013, May 1). The web’s ‘echo chamber’ leaves us none the wiser. WIRED. https://www.wired.com/story/online-stubbornness/
Ryan, R. M., & Deci, E. L. (2020, April). Intrinsic and extrinsic motivation from a self-determination theory perspective: Definitions, theory, practices, and future directions. Contemporary Educational Psychology, 61. https://doi.org/10.1016/j.cedpsych.2020.101860
– Right away, I note that SDT indicates that the (proposed to be) innate human drive for self-determination can only be robust if the three basic psychological needs of autonomy, competence, and relatedness are met. Yet I also immediately consider that, in this context, we’re already operating at the tip of Maslow’s hierarchy of needs–we should remember that there are many other preconditions that may need to be met before an innate drive for development and self-determination will exhibit itself.
– Fascinating to see the difference between autonomous extrinsic motivation (based on value) versus intrinsic motivation (based on interest / enjoyment). So many of my activities fall into the former now, versus the latter…
– Good to see the distinction made between control vs. structure! I always want to provide a “skeleton” or (in the paper’s words) scaffold that people can then fill in or flesh out as they wish. There’s always been a good bit of assertion that this is “controlling” and the better approach is to set no rules whatsoever so people can just do whatever they want. I’ve never felt that to be productive, and sometimes outright dangerous.
– I wonder if some of these “autonomy-supportive” behaviors such as “resist[ing] giving answers” and “offering progress-enabling hints when students seem stuck” might be confused with (or be complementary to!) the Socratic method of asking open-ended questions as a way of encouraging students to think critically and gain insights on their own. I’ve had several people simply refuse to engage with questions altogether, accusing me of using the Socratic method as if that’s inherently a bad thing.
– Grading! My expectation through elementary and secondary school was for all grading to be purely criterion-based, it shocked me when I entered undergraduate courses and discovered comparative grading in use (namely, “grading on a curve” according to a normal distribution). As a lifelong overachiever, I’m usually the person busting the curve, and it annoys me significantly when I can’t be graded “fairly” for my actual performance. And yet most of my fellow students preferred grading on a curve (when I wasn’t in the same class as them) and explained it as being a counterweight for “unfairly hard” assessments. As much as that may be true, I wonder if criterion-based grading isn’t both more accurate and also “better” in the sense of offering informational value about one’s accomplishments without pushing people to “just be better than somebody else.”
– It’s interesting to reflect on supporting processes versus outcomes. In some ways, focusing on the end result could be construed as supporting autonomy–there are many ways to reach the desired outcome. At the same time, there’s been several thinkers who have advocated the opposite. (For example, a company that does “the right thing” by their customers will naturally be rewarded with profits, while focusing on profits above all tempts companies to take the shortest path to the goal, at the expense of their customers.) Both of these approaches seem to have points of validity to me. Clearly, doing good does not always lead to a profitable outcome; just as clearly, “teaching to the test” does not yield the desired results. It seems more productive to balance these approaches, understanding that “how did we get to the goal?” is just as important as “did we reach the goal?”.
I also hasten to add that this requires a good understanding of what the goal is. If we failed to reach the goal of a specific grade, the temptation might be to decide that we chose the wrong path. But we may have reached a goal of learning and gaining deeper understanding, which makes the path a much more positive one.
Mikami, A. Y., Khalis, A., & Karasavva, V. (2025). Logging out or leaning in? Social media strategies for enhancing well-being.Journal of Experimental Psychology: General, 154(1), 171–189. https://doi.org/10.1037/xge0001668
– Is it possible that social media platform use, as with other addictive behaviors, presents the positive effects as the lure (connect with your friends! win a jackpot in the casino!) while minimizing the negative effects (depression and self-negativity, I can quit any time / I can beat the house because I’m smarter than everybody else)? Is that comparison lazy, or am I picking up on a similarity? In both cases, the negative effects are hidden or minimized because repetition of the addictive behavior leads to habituation of the positive effects and accumulation of the negative effects, but repetition is how profits are made.
– I have been told that some personalities are more susceptible to addictive behaviors. I wonder if anybody’s correlated these personalities to social media use and prevalence of negative vs. positive effects. I imagine that if negative effects are more prevalent in specific personalities, abstinence might be a more effective treatment for those, while tutorial might be a more effective treatment for others…
– It strikes me that a balanced approach intuitively seems to be the best way to use social media platforms–as an augmentation to offline social interaction, not a replacement. Social media definitely allows more flexibility in who we interact with, when, and under what conditions; in this, I judge it to be quite positive. At the same time, overdoing this interaction has negative effects which may be countered or diluted by having supportive offline social interaction as well. Neither online nor offline social interaction seem to replace the benefits of the other, so using them in a balanced fashion seems to be the best option to me.
Best, P., Manktelow, R., & Taylor, B. (2014, June). Online communication, social media and adolescent wellbeing: A systematic narrative review. Children and Youth Services Review, 41, 27-36. https://doi.org/10.1016/j.childyouth.2014.03.001
– “Evidence of a ‘rich-get-richer’ phenomenon is provided whereby young people whose offline friendship quality is perceived as ‘high’ had greater benefits from online communicative activities those who did not possess high quality friendships.” Interesting. Evidence towards a balanced approach being of most benefit, as I posited above?
Vogel, E. A., & Rose, J. P. (2016). Self-reflection and interpersonal connection: Making the most of self-presentation on social media. Translational Issues in Psychological Science, 2(3), 294–302. https://doi.org/10.1037/tps0000076
– If there’s a general bias towards emphasizing positive self-presentation on social networking sites, and the benefits of participating on SNS accrue mainly to those who focus on their own positive self-presentation… what vanity! Is there truly any real, long-term benefit to be had from presenting a biased perspective of yourself and then focusing on and reinforcing that biased presentation? Besides, how does this work with research showing that there’s benefits to be gained from being emotionally real and open about one’s struggles?
– “According to mood management theory, consumers select media that will help regulate their moods. When expanded to social media, the theory suggests that users select social content (such as another Facebook user’s profile) that will improve their mood.” I would suggest that this only holds so long as the user selects the content! And as we know, Facebook’s algorithms determine what content is pushed to the user in order to maximize engagement, not to be responsive to the user’s desires.
I had another seven papers I wanted to read; time pressures force me to move onward…